Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3079 | NET0730 | SV-3079r2_rule | ECSC-1 | Low |
Description |
---|
The finger service supports the UNIX finger protocol, which is used for querying a host about the users that are logged on. This service is not necessary for generic users. If an attacker were to find out who is using the network, they may use social engineering practices to try to elicit classified DoD information. |
STIG | Date |
---|---|
Infrastructure Router Security Technical Implementation Guide | 2013-10-08 |
Check Text ( C-3571r3_chk ) |
---|
Ensure finger has not been implemented in the configuration by verifying the vendor default and reviewing the configuration. |
Fix Text (F-3104r3_fix) |
---|
Disable the finger service. |